{*
SPDX-FileCopyrightText: © 2023 Olivier Meunier <olivier@neokraft.net>

SPDX-License-Identifier: AGPL-3.0-only
*}
{{ extends "/base" }}

{{- block title() -}}API Documentation{{- end -}}

{{- block head() -}}
  <script type="module" src="{{ assetURL(`vendor/rapidoc.js`) }}" nonce="{{ cspNonce }}"></script>
{{- end -}}

{{- block body() -}}
{{- yield quickAccessMenu(items=slice(
  slice("menu", "Menu"),
  slice("content", "Main content"),
)) -}}
<div class="flex h-screen max-sm:flex-col">
  {{ include "/menu" }}
  <div class="grow md:overflow-y-auto" id="content">
    <rapi-doc
     spec-url="{{ .Schema }}"
     persist-auth="true"
     load-fonts="false"
     theme="light"
     nav-bg-color="#ffffff"
     show-method-in-nav-bar="as-colored-text"
     show-header="false"
     allow-server-selection="false"
     show-curl-before-try="true"
     schema-style="table"
     schema-description-expanded="true"
     default-schema-tab="schema"
    >
    </rapi-doc>
    <script nonce="{{ cspNonce }}">
      // Add the X-CSRF-Token header when no token is sent with the request.
      // This way, the API can be tested without having to provide a token.
      (function() {
        const safeMethods = ["GET", "HEAD", "OPTIONS", "TRACE"]

        window.addEventListener('DOMContentLoaded', () => {
          const csrfToken = document.querySelector(
            'html>head>meta[name="x-csrf-token"]',
          ).content
          const el = document.querySelector("rapi-doc")
          el.addEventListener('before-try', (evt) => {
            if (!safeMethods.includes(evt.detail.request.method) && !evt.detail.request.headers.get("authorization")) {
              evt.detail.request.headers.append("X-CSRF-Token", csrfToken)
            }
          })
        })
      })()
    </script>
  </div>
</div>
{{ end }}
